Staying on top of the evolving threat landscape is a daunting task, to say the least. There is so much information that researchers must sift through that it’s easy to become overloaded.
To help cut through the clutter and noise in the security space and do this job successfully, WhiteHat Security’s application security researchers are sharing their tips to help other teams understand all that’s involved. Read on to hear how they work diligently to avoid missing threats or discovering them too late – and get tips for how to ensure that your company’s security posture remains a step ahead.
The first critical step to staying informed on threats is to compile a short list of reliable security news sources. These sources should be verified as valid – meaning that all threats they have identified have been researched and confirmed. Their content should be updated frequently, and they should present it so that it is quick and easy to read, allowing actions or reactions to be swift and decisive. Some of the team’s favorite sources of security information and threats include:
- The Cyberwire podcast, which provides daily updates on vulnerabilities in only 10 minutes
- CVE databases, which should be frequently monitored to decide if new vulnerabilities apply to your organization; create an RSS feed or subscribe to notifications for technologies that are being used by your organization
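One way to act on the second source above is to match each new feed entry against an inventory of the technologies your organization actually runs, so that only relevant items reach the team. The script below is an added example written for this page, not WhiteHat Security's code; the RSS feed, the CVE identifiers (placeholders, not real CVEs), the product names and the inventory are all constructed, and real advisory feeds may phrase affected-version ranges differently than the two patterns handled here.

```python
"""Match entries from a CVE RSS feed against a software inventory.

Added example, not WhiteHat Security's code. The feed XML, the CVE
identifiers (placeholders), the product names and the inventory below
are constructed samples; real advisory feeds use the same RSS 2.0
<item> structure but may describe version ranges differently.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample feed. CVE-XXXX-* are placeholder identifiers.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed advisory feed</title>
<item>
  <title>CVE-XXXX-0001: Buffer overflow in ExampleServer</title>
  <description>ExampleServer before 2.4.1 allows remote code execution.</description>
</item>
<item>
  <title>CVE-XXXX-0002: Path traversal in FooCMS</title>
  <description>FooCMS 1.0 through 1.3.2 allows reading arbitrary files.</description>
</item>
<item>
  <title>CVE-XXXX-0003: XSS in BarDashboard</title>
  <description>BarDashboard before 5.0 reflects untrusted input.</description>
</item>
<item>
  <title>CVE-XXXX-0004: Information disclosure in ExampleServer plugin</title>
  <description>The reporting plugin for ExampleServer leaks configuration details.</description>
</item>
</channel></rss>"""

# Constructed inventory (hypothetical): product -> version currently deployed.
INVENTORY = {
    "ExampleServer": "2.3.0",
    "FooCMS": "1.4.0",
    "BarDashboard": "4.2",
}


def parse_version(text):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def parse_feed(xml_text):
    """Return a list of {'title', 'description'} dicts for every <item> in an RSS 2.0 feed."""
    root = ET.fromstring(xml_text)
    return [
        {"title": item.findtext("title", ""), "description": item.findtext("description", "")}
        for item in root.iter("item")
    ]


def affected_status(product, installed, text):
    """Classify one entry for one inventory product.

    Recognises 'PRODUCT before X.Y' and 'PRODUCT A.B through C.D' ranges.
    Anything else that names the product is returned as 'review' so a
    human still looks at it rather than it being silently dropped.
    """
    installed_v = parse_version(installed)
    before = re.search(re.escape(product) + r"\s+before\s+(\d+(?:\.\d+)*)", text, re.IGNORECASE)
    if before:
        return "affected" if installed_v < parse_version(before.group(1)) else "not-affected"
    rng = re.search(
        re.escape(product) + r"\s+(\d+(?:\.\d+)*)\s+through\s+(\d+(?:\.\d+)*)", text, re.IGNORECASE
    )
    if rng:
        low, high = parse_version(rng.group(1)), parse_version(rng.group(2))
        return "affected" if low <= installed_v <= high else "not-affected"
    return "review"


def triage(xml_text, inventory):
    """Return (cve_id, product, status) for every feed entry that names an inventory product."""
    results = []
    for entry in parse_feed(xml_text):
        text = entry["title"] + " " + entry["description"]
        for product, installed in inventory.items():
            if product.lower() in text.lower():
                cve_id = entry["title"].split(":")[0]
                results.append((cve_id, product, affected_status(product, installed, text)))
    return results


if __name__ == "__main__":
    for cve_id, product, status in triage(SAMPLE_FEED, INVENTORY):
        print(f"{cve_id:16} {product:14} {status}")
```

Entries that name a product but carry no parseable version range are deliberately kept as "review" rather than discarded; the false-negative case (a relevant advisory never reaching the team) is the one this workflow exists to prevent.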
The second step to remaining ahead of current threats and vulnerabilities is to develop an internal method of tracked communication for the security team to quickly share details on new vulnerabilities with the engineering and operations teams. For example:
- The security team might ask engineers, “Can we confirm if your teams are using ____? A new vulnerability was just found in version XYZ”
- Also critical is having a trackable process for remediation, so that when teams are using vulnerable software, it can swiftly be quarantined or disabled to prevent damage to the organization
- Develop an email alias that includes all relevant researchers. Also use group chat or collaboration platforms, which distribute information faster than traditional email apps
For security teams that want to take their monitoring efforts an extra step, nothing compares to being more social. For example:
- Public forums are a great resource for discussing security vulnerabilities with other researchers
- Networking is also valuable for information sharing, whether in-person at security conferences or at local security meet ups
- Finally, never underestimate having some fun while working! A capture the flag (CTF) contest is a special kind of cybersecurity competition designed to challenge its participants to solve computer security problems and/or capture and defend computer systems